ISSUE-83 states:
Instantiated widget should not be able to read digital signature
http://www.w3.org/2008/webapps/track/issues/83
The following is a proposal of text to add to P&C to address this
issue, based on text from Marcos and adding the notion of allowing
policy and access control mechanisms to be used:
"Where a user agent that implements this specification interacts with
implementations of other specifications, this user agent MUST deny
other implementations access to digital signature documents unless an
access control mechanism is in place to enable access according to
policy. The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or
parts of the signature documents, or deny any such access. An
exception is if a user agent that implements this specification also
implements the OPTIONAL [Widgts-DigSig] specification, in which case
the user agent MUST make signature documents available to the
implementation of the [Widgets-DigSig] specification."
This message should complete ACTION-329 which should be closed.
regards, Frederick
Frederick Hirsch
Nokia